Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: Support OAuth 2.0 Authorization Code Flow with Refresh Tokens #720

Open
franz-josef-kaiser opened this issue Jun 23, 2024 · 4 comments
Open

Request: Support OAuth 2.0 Authorization Code Flow with Refresh Tokens #720

franz-josef-kaiser opened this issue Jun 23, 2024 · 4 comments

Comments

@franz-josef-kaiser
Copy link

franz-josef-kaiser commented Jun 23, 2024
edited
Loading

The fact stated in for e.g. #304 didn't state the test of time: Having refresh tokens that are used to exchange short lived access tokens (gladly) is much more common and secure to date.

Is there a possibility to get this feature into the plugin? Currently we are resorting back to Insomnia, Hoppscotch, Postman and the likes to have the ability to perform one request to fetch an access token before the actual request. It would be great if this would be available in the plugin as well.

Thanks a ton for your work anyway!
@vepanimas
Copy link
Collaborator

vepanimas commented Oct 17, 2024
edited
Loading

Hi @franz-josef-kaiser! Which IDE do you use? If it's one of the Ultimate versions, such as IntelliJ IDEA Ultimate, PyCharm Professional, WebStorm, or similar ones you can try the IntelliJ HTTP Client. I'd love to hear your feedback on it when used with GraphQL. The plugin can also handle authorization — here.

As I'm considering deeper integration of the HTTP Client with the GraphQL plugin, your feedback could be very valuable.

@franz-josef-kaiser
Copy link
Author

Hi @vepanimas, I appreciate reading this. Thank you very much.

What I am aiming for is to run auth as preliminary request for a query from within a .graphql or .gql file. The reason is, that we have these files loaded on demand and would like to develop where we stand. From what I read while glancing over the IntelliJ HTTP Client docs, I would have to use .http or similar files, call GraphQL from wrapper scripts. Is there something I missed or can you give me a quick intro on how I should test and what your expected result is/ how I can provide the data or results you need? Thank you.

@vepanimas
Copy link
Collaborator

@franz-josef-kaiser

I would have to use .http or similar files, call GraphQL from wrapper scripts.

Yes, that's correct. While it may be inconvenient at the moment because the plugin isn't integrated with the HTTP Client, my intention was to verify whether the HTTP Client plugin infrastructure is capable of handling your authentication request when making queries, and AFAIU it should be. If it works well for you, we'll consider implementing WEB-69781 in the upcoming updates.

@fibsifan
Copy link

Hi,

I tried this as well. I have a GraphQL API that needs OAuth Authorization (commercetools). When using GraphQL in the HTTP-Client, the OAuth 2.0 flow works like a charm:

### Commercetools GraphQL Introspection
GRAPHQL {{ct_api_url}}/{{ct_project_key}}/graphql
Authorization: Bearer {{$auth.token("commercetools")}}

What I would love to be able to do would be something like the following in my graphql.config.yaml:

schema:
  - https://api.<region>.commercetools.com/graphql:
      headers:
        Authorization: Bearer {{$auth.token("commercetools")}}

Maybe some additional parameters are needed, idk, but I hope you get the idea :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@franz-josef-kaiser @fibsifan @vepanimas